RT @0xLegacyy: Developing a scriptable (pwndbg-like) debugger for windows. Few more things we need to iron out but will be releasing soon 🐸….

I've most recently added liveness info for registers / flags. No more pushf / popf pairs to make things a bit harder for analysts \( -_-)/

You can use stitch's GlobalRefs to write arbitrary data to sections and reference them in the same or later sections - Here's some code replacing a known string with a GlobalRef to my own:

Wrote a cross-platform library for rewriting / modifying code in executable files on a function level. Pretty simple to write advanced binary obfuscators using it. Below shows what ~30 LOC using Stitch transforms a function into:

I've finished most of the development for Governor, the flagship Windows 'sensor' / telemetry source for the ALCA engine. Governor can now be used alongside ALCA for dynamic signaturing of Windows malware .

Been working on a rule engine for dynamic malware analysis - ingests telemetry from a 'sensor' and runs rules and sequences of rules on event data it receives. Currently writing the flagship sensor, but the library itself is available to experiment with:.

First time sharing progress on something I've been developing since the start of the year - a C2 framework with a focus on modularity. Keen to hear suggestions on features, ideas, research to implement - bearing in mind its at an early development stage

Gimmick - an in-memory payload obfuscation technique & POC via thread-safe, on-demand section decryption.